-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 27 Jan 2003 10:50:13 +0100
Source: tomcat
Binary: libapache-mod-jk tomcat
Architecture: source all i386
Version: 3.3.1a-1
Distribution: unstable
Urgency: high
Maintainer: Stefan Gybas <sgybas@debian.org>
Changed-By: Stefan Gybas <sgybas@debian.org>
Description:
 libapache-mod-jk - Apache connector for Tomcat servlet engine
 tomcat - Java Servlet 2.2 engine with JSP 1.1 support
Changes:
 tomcat (3.3.1a-1) unstable; urgency=high
 .
   * New upstream release which fixes two security vulnerabilities:
     + when used with JDK 1.3.1 or earlier, a maliciously crafted request
       could return a directory listing even when an index.html, index.jsp,
       or other welcome file is present. File contents can be returned as
       well.
     + a malicious web application could read the contents of some files
       outside the web application via its web.xml file in spite of the
       presence of a security manager
   * Disable the examples webapp since it contains cross site scripting
     vulnerability: examples.war is now installed in
     /usr/share/doc/tomcat/examples
   * Standards-Version: 3.5.8 (no changes required)
   * Build with the latest Apache version
   * Updates README.Debian
Files:
 2fdf39c430424aa9a24acc4fa5bbcac7 809 contrib/web optional tomcat_3.3.1a-1.dsc
 bebdbb5f9a079c36d5804581bbe6e97f 2155431 contrib/web optional tomcat_3.3.1a.orig.tar.gz
 3ec7773187f8cbe29184a3cdc8a7215f 14361 contrib/web optional tomcat_3.3.1a-1.diff.gz
 0a79edfd52054a051180be5aa7db999e 1272762 contrib/web optional tomcat_3.3.1a-1_all.deb
 01e2226fb8c56668d801e8d9a4af229c 51314 contrib/web optional libapache-mod-jk_3.3.1a-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+NSMwCdoSgNrrJGsRAqz5AJ0ZpaBL3Evpelo7VIhom8rFHNj2PQCglnEH
dvZGjYhDLR0wfdCmmBovZtQ=
=5uv5
-----END PGP SIGNATURE-----

Accepted:
libapache-mod-jk_3.3.1a-1_i386.deb
  to pool/contrib/t/tomcat/libapache-mod-jk_3.3.1a-1_i386.deb
tomcat_3.3.1a-1.diff.gz
  to pool/contrib/t/tomcat/tomcat_3.3.1a-1.diff.gz
tomcat_3.3.1a-1.dsc
  to pool/contrib/t/tomcat/tomcat_3.3.1a-1.dsc
tomcat_3.3.1a-1_all.deb
  to pool/contrib/t/tomcat/tomcat_3.3.1a-1_all.deb
tomcat_3.3.1a.orig.tar.gz
  to pool/contrib/t/tomcat/tomcat_3.3.1a.orig.tar.gz